File dcraw-CVE-2018-19655.patch of Package dcraw

Overview Repositories Revisions Requests Users Attributes Meta

File dcraw-CVE-2018-19655.patch of Package dcraw

Author: Filip Hroch <hroch@physics.muni.cz>
Description: stack-based buffer overflow bug
--- a/dcraw.c
+++ b/dcraw.c
@@ -8345,9 +8345,15 @@
 {
   UINT64 bitbuf=0;
   int vbits, col, i, c;
-  ushort img[2][2064];
+  ushort *img;
   double sum[]={0,0};
 
+#define IMG2D(row,col) \
+  img[(row)*width+(col)]
+
+  img = (ushort *) malloc(2*width*sizeof(ushort));
+  merror (img, "find_green()");
+
   FORC(2) {
     fseek (ifp, c ? off1:off0, SEEK_SET);
     for (vbits=col=0; col < width; col++) {
@@ -8356,13 +8362,14 @@
 	for (i=0; i < bite; i+=8)
 	  bitbuf |= (unsigned) (fgetc(ifp) << i);
       }
-      img[c][col] = bitbuf << (64-bps-vbits) >> (64-bps);
+      IMG2D(c,col) = bitbuf << (64-bps-vbits) >> (64-bps);
     }
   }
   FORC(width-1) {
-    sum[ c & 1] += ABS(img[0][c]-img[1][c+1]);
-    sum[~c & 1] += ABS(img[1][c]-img[0][c+1]);
+    sum[ c & 1] += ABS(IMG2D(0,c)-IMG2D(1,c+1));
+    sum[~c & 1] += ABS(IMG2D(1,c)-IMG2D(0,c+1));
   }
+  free(img);
   return 100 * log(sum[0]/sum[1]);
 }

Places

File dcraw-CVE-2018-19655.patch of Package dcraw

Places